Kerberos doesn't works on (re)new installation...

Hi,

first, sorry for the cross posting, I don't know where I can find some help
for my issue...

we have a kerberos authentication issue on a new server.
The kerberos authentication simply doesn't works!!!
iof IIS is setup to support both Negotiate and NTLM, I can't access my
sharepoint site.
if only NTLM is setup, then its ok.
if nothing is specified in the NTAuthenticationProviders option, nothing
works too.

We have 2 computers in the domain, the DC which is also the IIS/Sharepoint
server
and a database server.

but...
we have just reinstalled the DC server because last week we have suffered a
driver issue and we have completly reformated the server and reinstalled it
from scratch. we have not restored the installation from any backup because
the server is in not in production mode for the moment.

but now, after this clean reinstallation, the kerberos authentication simply
doesn't works.
and I don't know why.

there is only 1 kerberos error at startup:`
A Kerberos Error Message was received:

on logon session

Client Time:

Server Time: 0:1:25.0000 6/15/2006 Z

Error Code: 0xd KDC_ERR_BADOPTION

Extended Error: 0xc00000bb KLIN(0)

Client Realm:

Client Name:

Server Realm: <domain>

Server Name: host/<DCServer>.<domain>

Target Name: host/<DCServer>.<domain>@<domain>

Error Text:

File: 9

Line: ae0

Error Data is in record data.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



this event occurs when I reboot the server.

I also have suffered an LSASrRV warning, solved by adding the DNS service
dependency correctly with the Netlogon service.

kerberos parameters... MaxPacketSize is set to 1, loglevel to 1

The SetSPN commands has been applied correctly.



its not my first installation of this type of config, but its the first time
where everything doesn't works.



thanks for your guides.



I really don't know what's appends.



Jerome.

The only error I see after startup is when I try to access the server
remotly:

Event Source: Security

Category Logon/Logoff

Event ID: 529

Logon Failure:

Reason: Unknown user name or bad password

User Name:

Domain:

Logon Type: 3

Logon Process: Kerberos

Authentication Package: Kerberos

Workstation Name: -

Caller User Name: -

Caller Domain: -

Caller Logon ID: -

Caller Process ID: -

Transited Services: -

Source Network Address: 10.1.32.154

Source Port: 1125



For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I have found this on my second server: (netdiag result)
Kerberos test. . . . . . . . . . . : Failed

Find DC in domain '<domain>':
Found this DC in domain '<domain>':
DC. . . . . . . . . . . : \\<DCServer>.<domain>
Address . . . . . . . . : \\10.1.32.155
Domain Guid . . . . . . : {6DA1381B-C7B3-4705-A7CE-F59A52EF9F32}
Domain Name . . . . . . : <domain>
Forest Name . . . . . . : <domain>
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV
WRIT
ABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
[FATAL] Cannot lookup package Kerberos.
The error occurred was: (null)

and:
Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A5DC70B3-12AC-410F-876C-47F57A6E4A56}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A5DC70B3-12AC-410F-876C-47F57A6E4A56}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to '<domain>*' via browser.
[ERROR_INVALI
D_FUNCTION]

I have not found anything relevant using googlearound these errors....


"Jeje" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> first, sorry for the cross posting, I don't know where I can find some
> help for my issue...
>
> we have a kerberos authentication issue on a new server.
> The kerberos authentication simply doesn't works!!!
> iof IIS is setup to support both Negotiate and NTLM, I can't access my
> sharepoint site.
> if only NTLM is setup, then its ok.
> if nothing is specified in the NTAuthenticationProviders option, nothing
> works too.
>
> We have 2 computers in the domain, the DC which is also the IIS/Sharepoint
> server
> and a database server.
>
> but...
> we have just reinstalled the DC server because last week we have suffered
> a driver issue and we have completly reformated the server and
> reinstalled it from scratch. we have not restored the installation from
> any backup because the server is in not in production mode for the moment.
>
> but now, after this clean reinstallation, the kerberos authentication
> simply doesn't works.
> and I don't know why.
>
> there is only 1 kerberos error at startup:`
> A Kerberos Error Message was received:
>
> on logon session
>
> Client Time:
>
> Server Time: 0:1:25.0000 6/15/2006 Z
>
> Error Code: 0xd KDC_ERR_BADOPTION
>
> Extended Error: 0xc00000bb KLIN(0)
>
> Client Realm:
>
> Client Name:
>
> Server Realm: <domain>
>
> Server Name: host/<DCServer>.<domain>
>
> Target Name: host/<DCServer>.<domain>@<domain>
>
> Error Text:
>
> File: 9
>
> Line: ae0
>
> Error Data is in record data.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
>
> this event occurs when I reboot the server.
>
> I also have suffered an LSASrRV warning, solved by adding the DNS service
> dependency correctly with the Netlogon service.
>
> kerberos parameters... MaxPacketSize is set to 1, loglevel to 1
>
> The SetSPN commands has been applied correctly.
>
>
>
> its not my first installation of this type of config, but its the first
> time where everything doesn't works.
>
>
>
> thanks for your guides.
>
>
>
> I really don't know what's appends.
>
>
>
> Jerome.
>
> The only error I see after startup is when I try to access the server
> remotly:
>
> Event Source: Security
>
> Category Logon/Logoff
>
> Event ID: 529
>
> Logon Failure:
>
> Reason: Unknown user name or bad password
>
> User Name:
>
> Domain:
>
> Logon Type: 3
>
> Logon Process: Kerberos
>
> Authentication Package: Kerberos
>
> Workstation Name: -
>
> Caller User Name: -
>
> Caller Domain: -
>
> Caller Logon ID: -
>
> Caller Process ID: -
>
> Transited Services: -
>
> Source Network Address: 10.1.32.154
>
> Source Port: 1125
>
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
>
>

I believe that I found the doc that has the solution for you:

serach by "KDC_ERR_BADOPTION"

Troubleshooting Kerberos Errors
http://www.microsoft.com/downloads/d...displaylang=en

--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Jeje" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> first, sorry for the cross posting, I don't know where I can find some
> help for my issue...
>
> we have a kerberos authentication issue on a new server.
> The kerberos authentication simply doesn't works!!!
> iof IIS is setup to support both Negotiate and NTLM, I can't access my
> sharepoint site.
> if only NTLM is setup, then its ok.
> if nothing is specified in the NTAuthenticationProviders option, nothing
> works too.
>
> We have 2 computers in the domain, the DC which is also the IIS/Sharepoint
> server
> and a database server.
>
> but...
> we have just reinstalled the DC server because last week we have suffered
> a driver issue and we have completly reformated the server and
> reinstalled it from scratch. we have not restored the installation from
> any backup because the server is in not in production mode for the moment.
>
> but now, after this clean reinstallation, the kerberos authentication
> simply doesn't works.
> and I don't know why.
>
> there is only 1 kerberos error at startup:`
> A Kerberos Error Message was received:
>
> on logon session
>
> Client Time:
>
> Server Time: 0:1:25.0000 6/15/2006 Z
>
> Error Code: 0xd KDC_ERR_BADOPTION
>
> Extended Error: 0xc00000bb KLIN(0)
>
> Client Realm:
>
> Client Name:
>
> Server Realm: <domain>
>
> Server Name: host/<DCServer>.<domain>
>
> Target Name: host/<DCServer>.<domain>@<domain>
>
> Error Text:
>
> File: 9
>
> Line: ae0
>
> Error Data is in record data.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
>
> this event occurs when I reboot the server.
>
> I also have suffered an LSASrRV warning, solved by adding the DNS service
> dependency correctly with the Netlogon service.
>
> kerberos parameters... MaxPacketSize is set to 1, loglevel to 1
>
> The SetSPN commands has been applied correctly.
>
>
>
> its not my first installation of this type of config, but its the first
> time where everything doesn't works.
>
>
>
> thanks for your guides.
>
>
>
> I really don't know what's appends.
>
>
>
> Jerome.
>
> The only error I see after startup is when I try to access the server
> remotly:
>
> Event Source: Security
>
> Category Logon/Logoff
>
> Event ID: 529
>
> Logon Failure:
>
> Reason: Unknown user name or bad password
>
> User Name:
>
> Domain:
>
> Logon Type: 3
>
> Logon Process: Kerberos
>
> Authentication Package: Kerberos
>
> Workstation Name: -
>
> Caller User Name: -
>
> Caller Domain: -
>
> Caller Logon ID: -
>
> Caller Process ID: -
>
> Transited Services: -
>
> Source Network Address: 10.1.32.154
>
> Source Port: 1125
>
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
>
>

Well

I've allready apply or tested most of the recommandations.

now the only error I see in the event log is at boot time:
Netlogon / error 5719
This computer was not able to set up a secure session with a domain
controller in domain <DOMAIN> due to the following:

There are currently no logon servers available to service the logon request.

This may lead to authentication problems. Make sure that this computer is
connected to the network. If the problem persists, please contact your
domain administrator.



I have removed the database server (where the error is) from the AD, and add
it again; but there is no change in the error.

my server DNS configuration appear to be good.

I don't know if the problem is at the DC level or my database server level.

My database server isx64 based, my DC is x32 based. the 2 servers are
Windows 2003 R2 Enterprise edition



any other idea???

thanks.


"Jorge Silva" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I believe that I found the doc that has the solution for you:
>
> serach by "KDC_ERR_BADOPTION"
>
> Troubleshooting Kerberos Errors
> http://www.microsoft.com/downloads/d...displaylang=en
>
> --
> I hope that the information above helps you
>
> Good Luck
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Jeje" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi,
>>
>> first, sorry for the cross posting, I don't know where I can find some
>> help for my issue...
>>
>> we have a kerberos authentication issue on a new server.
>> The kerberos authentication simply doesn't works!!!
>> iof IIS is setup to support both Negotiate and NTLM, I can't access my
>> sharepoint site.
>> if only NTLM is setup, then its ok.
>> if nothing is specified in the NTAuthenticationProviders option, nothing
>> works too.
>>
>> We have 2 computers in the domain, the DC which is also the
>> IIS/Sharepoint server
>> and a database server.
>>
>> but...
>> we have just reinstalled the DC server because last week we have suffered
>> a driver issue and we have completly reformated the server and
>> reinstalled it from scratch. we have not restored the installation from
>> any backup because the server is in not in production mode for the
>> moment.
>>
>> but now, after this clean reinstallation, the kerberos authentication
>> simply doesn't works.
>> and I don't know why.
>>
>> there is only 1 kerberos error at startup:`
>> A Kerberos Error Message was received:
>>
>> on logon session
>>
>> Client Time:
>>
>> Server Time: 0:1:25.0000 6/15/2006 Z
>>
>> Error Code: 0xd KDC_ERR_BADOPTION
>>
>> Extended Error: 0xc00000bb KLIN(0)
>>
>> Client Realm:
>>
>> Client Name:
>>
>> Server Realm: <domain>
>>
>> Server Name: host/<DCServer>.<domain>
>>
>> Target Name: host/<DCServer>.<domain>@<domain>
>>
>> Error Text:
>>
>> File: 9
>>
>> Line: ae0
>>
>> Error Data is in record data.
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>>
>>
>> this event occurs when I reboot the server.
>>
>> I also have suffered an LSASrRV warning, solved by adding the DNS service
>> dependency correctly with the Netlogon service.
>>
>> kerberos parameters... MaxPacketSize is set to 1, loglevel to 1
>>
>> The SetSPN commands has been applied correctly.
>>
>>
>>
>> its not my first installation of this type of config, but its the first
>> time where everything doesn't works.
>>
>>
>>
>> thanks for your guides.
>>
>>
>>
>> I really don't know what's appends.
>>
>>
>>
>> Jerome.
>>
>> The only error I see after startup is when I try to access the server
>> remotly:
>>
>> Event Source: Security
>>
>> Category Logon/Logoff
>>
>> Event ID: 529
>>
>> Logon Failure:
>>
>> Reason: Unknown user name or bad password
>>
>> User Name:
>>
>> Domain:
>>
>> Logon Type: 3
>>
>> Logon Process: Kerberos
>>
>> Authentication Package: Kerberos
>>
>> Workstation Name: -
>>
>> Caller User Name: -
>>
>> Caller Domain: -
>>
>> Caller Logon ID: -
>>
>> Caller Process ID: -
>>
>> Transited Services: -
>>
>> Source Network Address: 10.1.32.154
>>
>> Source Port: 1125
>>
>>
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>>
>>
>>
>
>

Can you tell us if the link that i gave you was helpful or did you used any
other method, can you share with us?


Check for 5719

PRB: Netlogon Logs Event ID 5719 on a Domain Controller

http://support.microsoft.com/kb/310339/en-us

How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in
Windows XP, and in Windows 2000 (Netlogon 5719)

http://support.microsoft.com/default...b;en-us;244474

A Client Connected to an Ethernet Switch May Receive Several Logon-Related
Error Messages During Startup (5719)

http://support.microsoft.com/default...b;EN-US;202840


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Jéjé" <willgart_A_@hotmail_A_.com> wrote in message
news:(E-Mail Removed)...
> Well
>
> I've allready apply or tested most of the recommandations.
>
> now the only error I see in the event log is at boot time:
> Netlogon / error 5719
> This computer was not able to set up a secure session with a domain
> controller in domain <DOMAIN> due to the following:
>
> There are currently no logon servers available to service the logon
> request.
>
> This may lead to authentication problems. Make sure that this computer is
> connected to the network. If the problem persists, please contact your
> domain administrator.
>
>
>
> I have removed the database server (where the error is) from the AD, and
> add it again; but there is no change in the error.
>
> my server DNS configuration appear to be good.
>
> I don't know if the problem is at the DC level or my database server
> level.
>
> My database server isx64 based, my DC is x32 based. the 2 servers are
> Windows 2003 R2 Enterprise edition
>
>
>
> any other idea???
>
> thanks.
>
>
> "Jorge Silva" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I believe that I found the doc that has the solution for you:
>>
>> serach by "KDC_ERR_BADOPTION"
>>
>> Troubleshooting Kerberos Errors
>> http://www.microsoft.com/downloads/d...displaylang=en
>>
>> --
>> I hope that the information above helps you
>>
>> Good Luck
>> Jorge Silva
>> MCSA
>> Systems Administrator
>>
>> "Jeje" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hi,
>>>
>>> first, sorry for the cross posting, I don't know where I can find some
>>> help for my issue...
>>>
>>> we have a kerberos authentication issue on a new server.
>>> The kerberos authentication simply doesn't works!!!
>>> iof IIS is setup to support both Negotiate and NTLM, I can't access my
>>> sharepoint site.
>>> if only NTLM is setup, then its ok.
>>> if nothing is specified in the NTAuthenticationProviders option, nothing
>>> works too.
>>>
>>> We have 2 computers in the domain, the DC which is also the
>>> IIS/Sharepoint server
>>> and a database server.
>>>
>>> but...
>>> we have just reinstalled the DC server because last week we have
>>> suffered a driver issue and we have completly reformated the server and
>>> reinstalled it from scratch. we have not restored the installation from
>>> any backup because the server is in not in production mode for the
>>> moment.
>>>
>>> but now, after this clean reinstallation, the kerberos authentication
>>> simply doesn't works.
>>> and I don't know why.
>>>
>>> there is only 1 kerberos error at startup:`
>>> A Kerberos Error Message was received:
>>>
>>> on logon session
>>>
>>> Client Time:
>>>
>>> Server Time: 0:1:25.0000 6/15/2006 Z
>>>
>>> Error Code: 0xd KDC_ERR_BADOPTION
>>>
>>> Extended Error: 0xc00000bb KLIN(0)
>>>
>>> Client Realm:
>>>
>>> Client Name:
>>>
>>> Server Realm: <domain>
>>>
>>> Server Name: host/<DCServer>.<domain>
>>>
>>> Target Name: host/<DCServer>.<domain>@<domain>
>>>
>>> Error Text:
>>>
>>> File: 9
>>>
>>> Line: ae0
>>>
>>> Error Data is in record data.
>>>
>>> For more information, see Help and Support Center at
>>> http://go.microsoft.com/fwlink/events.asp.
>>>
>>>
>>>
>>> this event occurs when I reboot the server.
>>>
>>> I also have suffered an LSASrRV warning, solved by adding the DNS
>>> service dependency correctly with the Netlogon service.
>>>
>>> kerberos parameters... MaxPacketSize is set to 1, loglevel to 1
>>>
>>> The SetSPN commands has been applied correctly.
>>>
>>>
>>>
>>> its not my first installation of this type of config, but its the first
>>> time where everything doesn't works.
>>>
>>>
>>>
>>> thanks for your guides.
>>>
>>>
>>>
>>> I really don't know what's appends.
>>>
>>>
>>>
>>> Jerome.
>>>
>>> The only error I see after startup is when I try to access the server
>>> remotly:
>>>
>>> Event Source: Security
>>>
>>> Category Logon/Logoff
>>>
>>> Event ID: 529
>>>
>>> Logon Failure:
>>>
>>> Reason: Unknown user name or bad password
>>>
>>> User Name:
>>>
>>> Domain:
>>>
>>> Logon Type: 3
>>>
>>> Logon Process: Kerberos
>>>
>>> Authentication Package: Kerberos
>>>
>>> Workstation Name: -
>>>
>>> Caller User Name: -
>>>
>>> Caller Domain: -
>>>
>>> Caller Logon ID: -
>>>
>>> Caller Process ID: -
>>>
>>> Transited Services: -
>>>
>>> Source Network Address: 10.1.32.154
>>>
>>> Source Port: 1125
>>>
>>>
>>>
>>> For more information, see Help and Support Center at
>>> http://go.microsoft.com/fwlink/events.asp.
>>>
>>>
>>>
>>>
>>
>>
>
>

Hi again,

I have allready tried most of the recommandations you send to me.
The previous link(s) was helpfull, But there is no change. I still have the
issue.


"Jorge Silva" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Can you tell us if the link that i gave you was helpful or did you used
> any other method, can you share with us?
>
>
> Check for 5719
>
> PRB: Netlogon Logs Event ID 5719 on a Domain Controller
>
> http://support.microsoft.com/kb/310339/en-us
>
> How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in
> Windows XP, and in Windows 2000 (Netlogon 5719)
>
> http://support.microsoft.com/default...b;en-us;244474
>
> A Client Connected to an Ethernet Switch May Receive Several Logon-Related
> Error Messages During Startup (5719)
>
> http://support.microsoft.com/default...b;EN-US;202840
>
>
> --
> I hope that the information above helps you
>
> Good Luck
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Jéjé" <willgart_A_@hotmail_A_.com> wrote in message
> news:(E-Mail Removed)...
>> Well
>>
>> I've allready apply or tested most of the recommandations.
>>
>> now the only error I see in the event log is at boot time:
>> Netlogon / error 5719
>> This computer was not able to set up a secure session with a domain
>> controller in domain <DOMAIN> due to the following:
>>
>> There are currently no logon servers available to service the logon
>> request.
>>
>> This may lead to authentication problems. Make sure that this computer is
>> connected to the network. If the problem persists, please contact your
>> domain administrator.
>>
>>
>>
>> I have removed the database server (where the error is) from the AD, and
>> add it again; but there is no change in the error.
>>
>> my server DNS configuration appear to be good.
>>
>> I don't know if the problem is at the DC level or my database server
>> level.
>>
>> My database server isx64 based, my DC is x32 based. the 2 servers are
>> Windows 2003 R2 Enterprise edition
>>
>>
>>
>> any other idea???
>>
>> thanks.
>>
>>
>> "Jorge Silva" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>I believe that I found the doc that has the solution for you:
>>>
>>> serach by "KDC_ERR_BADOPTION"
>>>
>>> Troubleshooting Kerberos Errors
>>> http://www.microsoft.com/downloads/d...displaylang=en
>>>
>>> --
>>> I hope that the information above helps you
>>>
>>> Good Luck
>>> Jorge Silva
>>> MCSA
>>> Systems Administrator
>>>
>>> "Jeje" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> Hi,
>>>>
>>>> first, sorry for the cross posting, I don't know where I can find some
>>>> help for my issue...
>>>>
>>>> we have a kerberos authentication issue on a new server.
>>>> The kerberos authentication simply doesn't works!!!
>>>> iof IIS is setup to support both Negotiate and NTLM, I can't access my
>>>> sharepoint site.
>>>> if only NTLM is setup, then its ok.
>>>> if nothing is specified in the NTAuthenticationProviders option,
>>>> nothing works too.
>>>>
>>>> We have 2 computers in the domain, the DC which is also the
>>>> IIS/Sharepoint server
>>>> and a database server.
>>>>
>>>> but...
>>>> we have just reinstalled the DC server because last week we have
>>>> suffered a driver issue and we have completly reformated the server
>>>> and reinstalled it from scratch. we have not restored the installation
>>>> from any backup because the server is in not in production mode for the
>>>> moment.
>>>>
>>>> but now, after this clean reinstallation, the kerberos authentication
>>>> simply doesn't works.
>>>> and I don't know why.
>>>>
>>>> there is only 1 kerberos error at startup:`
>>>> A Kerberos Error Message was received:
>>>>
>>>> on logon session
>>>>
>>>> Client Time:
>>>>
>>>> Server Time: 0:1:25.0000 6/15/2006 Z
>>>>
>>>> Error Code: 0xd KDC_ERR_BADOPTION
>>>>
>>>> Extended Error: 0xc00000bb KLIN(0)
>>>>
>>>> Client Realm:
>>>>
>>>> Client Name:
>>>>
>>>> Server Realm: <domain>
>>>>
>>>> Server Name: host/<DCServer>.<domain>
>>>>
>>>> Target Name: host/<DCServer>.<domain>@<domain>
>>>>
>>>> Error Text:
>>>>
>>>> File: 9
>>>>
>>>> Line: ae0
>>>>
>>>> Error Data is in record data.
>>>>
>>>> For more information, see Help and Support Center at
>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>
>>>>
>>>>
>>>> this event occurs when I reboot the server.
>>>>
>>>> I also have suffered an LSASrRV warning, solved by adding the DNS
>>>> service dependency correctly with the Netlogon service.
>>>>
>>>> kerberos parameters... MaxPacketSize is set to 1, loglevel to 1
>>>>
>>>> The SetSPN commands has been applied correctly.
>>>>
>>>>
>>>>
>>>> its not my first installation of this type of config, but its the first
>>>> time where everything doesn't works.
>>>>
>>>>
>>>>
>>>> thanks for your guides.
>>>>
>>>>
>>>>
>>>> I really don't know what's appends.
>>>>
>>>>
>>>>
>>>> Jerome.
>>>>
>>>> The only error I see after startup is when I try to access the server
>>>> remotly:
>>>>
>>>> Event Source: Security
>>>>
>>>> Category Logon/Logoff
>>>>
>>>> Event ID: 529
>>>>
>>>> Logon Failure:
>>>>
>>>> Reason: Unknown user name or bad password
>>>>
>>>> User Name:
>>>>
>>>> Domain:
>>>>
>>>> Logon Type: 3
>>>>
>>>> Logon Process: Kerberos
>>>>
>>>> Authentication Package: Kerberos
>>>>
>>>> Workstation Name: -
>>>>
>>>> Caller User Name: -
>>>>
>>>> Caller Domain: -
>>>>
>>>> Caller Logon ID: -
>>>>
>>>> Caller Process ID: -
>>>>
>>>> Transited Services: -
>>>>
>>>> Source Network Address: 10.1.32.154
>>>>
>>>> Source Port: 1125
>>>>
>>>>
>>>>
>>>> For more information, see Help and Support Center at
>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

check here
http://www.eventid.net/display.asp?e...TLOGON&phase=1


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Jéjé" <willgart_A_@hotmail_A_.com> wrote in message
news:(E-Mail Removed)...
> Hi again,
>
> I have allready tried most of the recommandations you send to me.
> The previous link(s) was helpfull, But there is no change. I still have
> the issue.
>
>
> "Jorge Silva" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>
>> Can you tell us if the link that i gave you was helpful or did you used
>> any other method, can you share with us?
>>
>>
>> Check for 5719
>>
>> PRB: Netlogon Logs Event ID 5719 on a Domain Controller
>>
>> http://support.microsoft.com/kb/310339/en-us
>>
>> How to force Kerberos to use TCP instead of UDP in Windows Server 2003,
>> in Windows XP, and in Windows 2000 (Netlogon 5719)
>>
>> http://support.microsoft.com/default...b;en-us;244474
>>
>> A Client Connected to an Ethernet Switch May Receive Several
>> Logon-Related Error Messages During Startup (5719)
>>
>> http://support.microsoft.com/default...b;EN-US;202840
>>
>>
>> --
>> I hope that the information above helps you
>>
>> Good Luck
>> Jorge Silva
>> MCSA
>> Systems Administrator
>>
>> "Jéjé" <willgart_A_@hotmail_A_.com> wrote in message
>> news:(E-Mail Removed)...
>>> Well
>>>
>>> I've allready apply or tested most of the recommandations.
>>>
>>> now the only error I see in the event log is at boot time:
>>> Netlogon / error 5719
>>> This computer was not able to set up a secure session with a domain
>>> controller in domain <DOMAIN> due to the following:
>>>
>>> There are currently no logon servers available to service the logon
>>> request.
>>>
>>> This may lead to authentication problems. Make sure that this computer
>>> is connected to the network. If the problem persists, please contact
>>> your domain administrator.
>>>
>>>
>>>
>>> I have removed the database server (where the error is) from the AD, and
>>> add it again; but there is no change in the error.
>>>
>>> my server DNS configuration appear to be good.
>>>
>>> I don't know if the problem is at the DC level or my database server
>>> level.
>>>
>>> My database server isx64 based, my DC is x32 based. the 2 servers are
>>> Windows 2003 R2 Enterprise edition
>>>
>>>
>>>
>>> any other idea???
>>>
>>> thanks.
>>>
>>>
>>> "Jorge Silva" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>>I believe that I found the doc that has the solution for you:
>>>>
>>>> serach by "KDC_ERR_BADOPTION"
>>>>
>>>> Troubleshooting Kerberos Errors
>>>> http://www.microsoft.com/downloads/d...displaylang=en
>>>>
>>>> --
>>>> I hope that the information above helps you
>>>>
>>>> Good Luck
>>>> Jorge Silva
>>>> MCSA
>>>> Systems Administrator
>>>>
>>>> "Jeje" <(E-Mail Removed)> wrote in message
>>>> news:(E-Mail Removed)...
>>>>> Hi,
>>>>>
>>>>> first, sorry for the cross posting, I don't know where I can find some
>>>>> help for my issue...
>>>>>
>>>>> we have a kerberos authentication issue on a new server.
>>>>> The kerberos authentication simply doesn't works!!!
>>>>> iof IIS is setup to support both Negotiate and NTLM, I can't access my
>>>>> sharepoint site.
>>>>> if only NTLM is setup, then its ok.
>>>>> if nothing is specified in the NTAuthenticationProviders option,
>>>>> nothing works too.
>>>>>
>>>>> We have 2 computers in the domain, the DC which is also the
>>>>> IIS/Sharepoint server
>>>>> and a database server.
>>>>>
>>>>> but...
>>>>> we have just reinstalled the DC server because last week we have
>>>>> suffered a driver issue and we have completly reformated the server
>>>>> and reinstalled it from scratch. we have not restored the installation
>>>>> from any backup because the server is in not in production mode for
>>>>> the moment.
>>>>>
>>>>> but now, after this clean reinstallation, the kerberos authentication
>>>>> simply doesn't works.
>>>>> and I don't know why.
>>>>>
>>>>> there is only 1 kerberos error at startup:`
>>>>> A Kerberos Error Message was received:
>>>>>
>>>>> on logon session
>>>>>
>>>>> Client Time:
>>>>>
>>>>> Server Time: 0:1:25.0000 6/15/2006 Z
>>>>>
>>>>> Error Code: 0xd KDC_ERR_BADOPTION
>>>>>
>>>>> Extended Error: 0xc00000bb KLIN(0)
>>>>>
>>>>> Client Realm:
>>>>>
>>>>> Client Name:
>>>>>
>>>>> Server Realm: <domain>
>>>>>
>>>>> Server Name: host/<DCServer>.<domain>
>>>>>
>>>>> Target Name: host/<DCServer>.<domain>@<domain>
>>>>>
>>>>> Error Text:
>>>>>
>>>>> File: 9
>>>>>
>>>>> Line: ae0
>>>>>
>>>>> Error Data is in record data.
>>>>>
>>>>> For more information, see Help and Support Center at
>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>>
>>>>>
>>>>>
>>>>> this event occurs when I reboot the server.
>>>>>
>>>>> I also have suffered an LSASrRV warning, solved by adding the DNS
>>>>> service dependency correctly with the Netlogon service.
>>>>>
>>>>> kerberos parameters... MaxPacketSize is set to 1, loglevel to 1
>>>>>
>>>>> The SetSPN commands has been applied correctly.
>>>>>
>>>>>
>>>>>
>>>>> its not my first installation of this type of config, but its the
>>>>> first time where everything doesn't works.
>>>>>
>>>>>
>>>>>
>>>>> thanks for your guides.
>>>>>
>>>>>
>>>>>
>>>>> I really don't know what's appends.
>>>>>
>>>>>
>>>>>
>>>>> Jerome.
>>>>>
>>>>> The only error I see after startup is when I try to access the server
>>>>> remotly:
>>>>>
>>>>> Event Source: Security
>>>>>
>>>>> Category Logon/Logoff
>>>>>
>>>>> Event ID: 529
>>>>>
>>>>> Logon Failure:
>>>>>
>>>>> Reason: Unknown user name or bad password
>>>>>
>>>>> User Name:
>>>>>
>>>>> Domain:
>>>>>
>>>>> Logon Type: 3
>>>>>
>>>>> Logon Process: Kerberos
>>>>>
>>>>> Authentication Package: Kerberos
>>>>>
>>>>> Workstation Name: -
>>>>>
>>>>> Caller User Name: -
>>>>>
>>>>> Caller Domain: -
>>>>>
>>>>> Caller Logon ID: -
>>>>>
>>>>> Caller Process ID: -
>>>>>
>>>>> Transited Services: -
>>>>>
>>>>> Source Network Address: 10.1.32.154
>>>>>
>>>>> Source Port: 1125
>>>>>
>>>>>
>>>>>
>>>>> For more information, see Help and Support Center at
>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

finally the error disappear!!!
I have added the WINS server on my DC
and change the network cards to use it, and its ok now!

thanks for your help.


"Jorge Silva" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> check here
> http://www.eventid.net/display.asp?e...TLOGON&phase=1
>
>
> --
> I hope that the information above helps you
>
> Good Luck
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Jéjé" <willgart_A_@hotmail_A_.com> wrote in message
> news:(E-Mail Removed)...
>> Hi again,
>>
>> I have allready tried most of the recommandations you send to me.
>> The previous link(s) was helpfull, But there is no change. I still have
>> the issue.
>>
>>
>> "Jorge Silva" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>
>>> Can you tell us if the link that i gave you was helpful or did you used
>>> any other method, can you share with us?
>>>
>>>
>>> Check for 5719
>>>
>>> PRB: Netlogon Logs Event ID 5719 on a Domain Controller
>>>
>>> http://support.microsoft.com/kb/310339/en-us
>>>
>>> How to force Kerberos to use TCP instead of UDP in Windows Server 2003,
>>> in Windows XP, and in Windows 2000 (Netlogon 5719)
>>>
>>> http://support.microsoft.com/default...b;en-us;244474
>>>
>>> A Client Connected to an Ethernet Switch May Receive Several
>>> Logon-Related Error Messages During Startup (5719)
>>>
>>> http://support.microsoft.com/default...b;EN-US;202840
>>>
>>>
>>> --
>>> I hope that the information above helps you
>>>
>>> Good Luck
>>> Jorge Silva
>>> MCSA
>>> Systems Administrator
>>>
>>> "Jéjé" <willgart_A_@hotmail_A_.com> wrote in message
>>> news:(E-Mail Removed)...
>>>> Well
>>>>
>>>> I've allready apply or tested most of the recommandations.
>>>>
>>>> now the only error I see in the event log is at boot time:
>>>> Netlogon / error 5719
>>>> This computer was not able to set up a secure session with a domain
>>>> controller in domain <DOMAIN> due to the following:
>>>>
>>>> There are currently no logon servers available to service the logon
>>>> request.
>>>>
>>>> This may lead to authentication problems. Make sure that this computer
>>>> is connected to the network. If the problem persists, please contact
>>>> your domain administrator.
>>>>
>>>>
>>>>
>>>> I have removed the database server (where the error is) from the AD,
>>>> and add it again; but there is no change in the error.
>>>>
>>>> my server DNS configuration appear to be good.
>>>>
>>>> I don't know if the problem is at the DC level or my database server
>>>> level.
>>>>
>>>> My database server isx64 based, my DC is x32 based. the 2 servers are
>>>> Windows 2003 R2 Enterprise edition
>>>>
>>>>
>>>>
>>>> any other idea???
>>>>
>>>> thanks.
>>>>
>>>>
>>>> "Jorge Silva" <(E-Mail Removed)> wrote in message
>>>> news:(E-Mail Removed)...
>>>>>I believe that I found the doc that has the solution for you:
>>>>>
>>>>> serach by "KDC_ERR_BADOPTION"
>>>>>
>>>>> Troubleshooting Kerberos Errors
>>>>> http://www.microsoft.com/downloads/d...displaylang=en
>>>>>
>>>>> --
>>>>> I hope that the information above helps you
>>>>>
>>>>> Good Luck
>>>>> Jorge Silva
>>>>> MCSA
>>>>> Systems Administrator
>>>>>
>>>>> "Jeje" <(E-Mail Removed)> wrote in message
>>>>> news:(E-Mail Removed)...
>>>>>> Hi,
>>>>>>
>>>>>> first, sorry for the cross posting, I don't know where I can find
>>>>>> some help for my issue...
>>>>>>
>>>>>> we have a kerberos authentication issue on a new server.
>>>>>> The kerberos authentication simply doesn't works!!!
>>>>>> iof IIS is setup to support both Negotiate and NTLM, I can't access
>>>>>> my sharepoint site.
>>>>>> if only NTLM is setup, then its ok.
>>>>>> if nothing is specified in the NTAuthenticationProviders option,
>>>>>> nothing works too.
>>>>>>
>>>>>> We have 2 computers in the domain, the DC which is also the
>>>>>> IIS/Sharepoint server
>>>>>> and a database server.
>>>>>>
>>>>>> but...
>>>>>> we have just reinstalled the DC server because last week we have
>>>>>> suffered a driver issue and we have completly reformated the server
>>>>>> and reinstalled it from scratch. we have not restored the
>>>>>> installation from any backup because the server is in not in
>>>>>> production mode for the moment.
>>>>>>
>>>>>> but now, after this clean reinstallation, the kerberos authentication
>>>>>> simply doesn't works.
>>>>>> and I don't know why.
>>>>>>
>>>>>> there is only 1 kerberos error at startup:`
>>>>>> A Kerberos Error Message was received:
>>>>>>
>>>>>> on logon session
>>>>>>
>>>>>> Client Time:
>>>>>>
>>>>>> Server Time: 0:1:25.0000 6/15/2006 Z
>>>>>>
>>>>>> Error Code: 0xd KDC_ERR_BADOPTION
>>>>>>
>>>>>> Extended Error: 0xc00000bb KLIN(0)
>>>>>>
>>>>>> Client Realm:
>>>>>>
>>>>>> Client Name:
>>>>>>
>>>>>> Server Realm: <domain>
>>>>>>
>>>>>> Server Name: host/<DCServer>.<domain>
>>>>>>
>>>>>> Target Name: host/<DCServer>.<domain>@<domain>
>>>>>>
>>>>>> Error Text:
>>>>>>
>>>>>> File: 9
>>>>>>
>>>>>> Line: ae0
>>>>>>
>>>>>> Error Data is in record data.
>>>>>>
>>>>>> For more information, see Help and Support Center at
>>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>>>
>>>>>>
>>>>>>
>>>>>> this event occurs when I reboot the server.
>>>>>>
>>>>>> I also have suffered an LSASrRV warning, solved by adding the DNS
>>>>>> service dependency correctly with the Netlogon service.
>>>>>>
>>>>>> kerberos parameters... MaxPacketSize is set to 1, loglevel to 1
>>>>>>
>>>>>> The SetSPN commands has been applied correctly.
>>>>>>
>>>>>>
>>>>>>
>>>>>> its not my first installation of this type of config, but its the
>>>>>> first time where everything doesn't works.
>>>>>>
>>>>>>
>>>>>>
>>>>>> thanks for your guides.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I really don't know what's appends.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Jerome.
>>>>>>
>>>>>> The only error I see after startup is when I try to access the server
>>>>>> remotly:
>>>>>>
>>>>>> Event Source: Security
>>>>>>
>>>>>> Category Logon/Logoff
>>>>>>
>>>>>> Event ID: 529
>>>>>>
>>>>>> Logon Failure:
>>>>>>
>>>>>> Reason: Unknown user name or bad password
>>>>>>
>>>>>> User Name:
>>>>>>
>>>>>> Domain:
>>>>>>
>>>>>> Logon Type: 3
>>>>>>
>>>>>> Logon Process: Kerberos
>>>>>>
>>>>>> Authentication Package: Kerberos
>>>>>>
>>>>>> Workstation Name: -
>>>>>>
>>>>>> Caller User Name: -
>>>>>>
>>>>>> Caller Domain: -
>>>>>>
>>>>>> Caller Logon ID: -
>>>>>>
>>>>>> Caller Process ID: -
>>>>>>
>>>>>> Transited Services: -
>>>>>>
>>>>>> Source Network Address: 10.1.32.154
>>>>>>
>>>>>> Source Port: 1125
>>>>>>
>>>>>>
>>>>>>
>>>>>> For more information, see Help and Support Center at
>>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>